
Commit ec3e9a2

authored
fix(ProtoBuf): add ExternalReterence Type EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES (#531)
fixes #266 --------- Signed-off-by: Jan Kowalleck <[email protected]>
1 parent ed2371e commit ec3e9a2


7 files changed

+422
-0
lines changed


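--- a/schema/bom-1.6.proto
+++ b/schema/bom-1.6.proto
@@ -297,6 +297,8 @@ enum ExternalReferenceType {
 EXTERNAL_REFERENCE_TYPE_DIGITAL_SIGNATURE = 40;
 // Document that complies with RFC-9116 (A File Format to Aid in Security Vulnerability Disclosure)
 EXTERNAL_REFERENCE_TYPE_RFC_9116 = 41;
+// Reference to release notes
+EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES = 42;
 }
 
 enum HashAlg {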
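Review bot: The comment added above `EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES = 42;` does not explain why the value sits after `EXTERNAL_REFERENCE_TYPE_RFC_9116`, while both test fixtures in this commit list release-notes between build-system and security-contact. Appending with the next free number is the wire-safe choice, and saying so keeps a later contributor from renumbering to match the other formats: `// Reference to release notes. Appended as 42 to keep existing enum numbers stable.` Code generated from the earlier copy of this file will presumably see 42 as an unrecognized enum value, so SBOM tooling that filters or routes on reference type should handle unknown values explicitly rather than dropping the reference. The enum body starts above this hunk.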

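--- a/tools/src/test/resources/1.6/valid-external-reference-1.6.json
+++ b/tools/src/test/resources/1.6/valid-external-reference-1.6.json
@@ -34,6 +34,185 @@
 "comment": "Vendor provided documentation for the product"
 }
 ]
+},
+{
+"type": "application",
+"name": "dummy",
+"description": "this component has all external reference types possible",
+"externalReferences": [
+{
+"type": "vcs",
+"url": "http://example.com/extref/vcs"
+},
+{
+"type": "issue-tracker",
+"url": "http://example.com/extref/issue-tracker"
+},
+{
+"type": "website",
+"url": "http://example.com/extref/website"
+},
+{
+"type": "advisories",
+"url": "http://example.com/extref/advisories"
+},
+{
+"type": "bom",
+"url": "http://example.com/extref/bom"
+},
+{
+"type": "mailing-list",
+"url": "http://example.com/extref/mailing-list"
+},
+{
+"type": "social",
+"url": "http://example.com/extref/social"
+},
+{
+"type": "chat",
+"url": "http://example.com/extref/chat"
+},
+{
+"type": "documentation",
+"url": "http://example.com/extref/documentation"
+},
+{
+"type": "support",
+"url": "http://example.com/extref/support"
+},
+{
+"type": "source-distribution",
+"url": "http://example.com/extref/source-distribution"
+},
+{
+"type": "distribution",
+"url": "http://example.com/extref/distribution"
+},
+{
+"type": "distribution-intake",
+"url": "http://example.com/extref/distribution-intake"
+},
+{
+"type": "license",
+"url": "http://example.com/extref/license"
+},
+{
+"type": "build-meta",
+"url": "http://example.com/extref/build-meta"
+},
+{
+"type": "build-system",
+"url": "http://example.com/extref/build-system"
+},
+{
+"type": "release-notes",
+"url": "http://example.com/extref/release-notes"
+},
+{
+"type": "security-contact",
+"url": "http://example.com/extref/security-contact"
+},
+{
+"type": "model-card",
+"url": "http://example.com/extref/model-card"
+},
+{
+"type": "log",
+"url": "http://example.com/extref/log"
+},
+{
+"type": "configuration",
+"url": "http://example.com/extref/configuration"
+},
+{
+"type": "evidence",
+"url": "http://example.com/extref/evidence"
+},
+{
+"type": "formulation",
+"url": "http://example.com/extref/formulation"
+},
+{
+"type": "attestation",
+"url": "http://example.com/extref/attestation"
+},
+{
+"type": "threat-model",
+"url": "http://example.com/extref/threat-model"
+},
+{
+"type": "adversary-model",
+"url": "http://example.com/extref/adversary-model"
+},
+{
+"type": "risk-assessment",
+"url": "http://example.com/extref/risk-assessment"
+},
+{
+"type": "vulnerability-assertion",
+"url": "http://example.com/extref/vulnerability-assertion"
+},
+{
+"type": "exploitability-statement",
+"url": "http://example.com/extref/exploitability-statement"
+},
+{
+"type": "pentest-report",
+"url": "http://example.com/extref/pentest-report"
+},
+{
+"type": "static-analysis-report",
+"url": "http://example.com/extref/static-analysis-report"
+},
+{
+"type": "dynamic-analysis-report",
+"url": "http://example.com/extref/dynamic-analysis-report"
+},
+{
+"type": "runtime-analysis-report",
+"url": "http://example.com/extref/runtime-analysis-report"
+},
+{
+"type": "component-analysis-report",
+"url": "http://example.com/extref/component-analysis-report"
+},
+{
+"type": "maturity-report",
+"url": "http://example.com/extref/maturity-report"
+},
+{
+"type": "certification-report",
+"url": "http://example.com/extref/certification-report"
+},
+{
+"type": "quality-metrics",
+"url": "http://example.com/extref/quality-metrics"
+},
+{
+"type": "codified-infrastructure",
+"url": "http://example.com/extref/codified-infrastructure"
+},
+{
+"type": "poam",
+"url": "http://example.com/extref/poam"
+},
+{
+"type": "electronic-signature",
+"url": "http://example.com/extref/electronic-signature"
+},
+{
+"type": "digital-signature",
+"url": "http://example.com/extref/digital-signature"
+},
+{
+"type": "rfc-9116",
+"url": "http://example.com/extref/rfc-9116"
+},
+{
+"type": "other",
+"url": "http://example.com/extref/other"
+}
+]
 }
 ]
 }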
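Review bot: Nothing visible in this fixture keeps the `dummy` component's `externalReferences` list in step with the schema's set of reference types, although its description says it "has all external reference types possible". The same hand-maintained list is repeated in valid-external-reference-1.6.textproto, so a type later added to one schema format but not the protobuf enum would still pass, which appears to be the kind of drift this commit repairs for release-notes. Consider a test that enumerates the allowed `type` values from the JSON schema and asserts each has an `EXTERNAL_REFERENCE_TYPE_*` counterpart. Until such a check exists, a description such as `"this component lists every external reference type known when the fixture was written"` in both fixtures would be more accurate.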

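--- a/tools/src/test/resources/1.6/valid-external-reference-1.6.textproto
+++ b/tools/src/test/resources/1.6/valid-external-reference-1.6.textproto
@@ -30,3 +30,180 @@ components {
 comment: "Vendor provided documentation for the product"
 }
 }
+components {
+type: CLASSIFICATION_APPLICATION
+name: "dummy"
+description: "this component has all external reference types possible"
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_VCS
+url: "http://example.com/extref/vcs"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_ISSUE_TRACKER
+url: "http://example.com/extref/issue-tracker"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_WEBSITE
+url: "http://example.com/extref/website"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_ADVISORIES
+url: "http://example.com/extref/advisories"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_BOM
+url: "http://example.com/extref/bom"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_MAILING_LIST
+url: "http://example.com/extref/mailing-list"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_SOCIAL
+url: "http://example.com/extref/social"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_CHAT
+url: "http://example.com/extref/chat"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_DOCUMENTATION
+url: "http://example.com/extref/documentation"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_SUPPORT
+url: "http://example.com/extref/support"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_SOURCE_DISTRIBUTION
+url: "http://example.com/extref/source-distribution"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION
+url: "http://example.com/extref/distribution"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_DISTRIBUTION_INTAKE
+url: "http://example.com/extref/distribution-intake"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_LICENSE
+url: "http://example.com/extref/license"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_BUILD_META
+url: "http://example.com/extref/build-meta"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_BUILD_SYSTEM
+url: "http://example.com/extref/build-system"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_RELEASE_NOTES
+url: "http://example.com/extref/release-notes"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_SECURITY_CONTACT
+url: "http://example.com/extref/security-contact"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_MODEL_CARD
+url: "http://example.com/extref/model-card"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_LOG
+url: "http://example.com/extref/log"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_CONFIGURATION
+url: "http://example.com/extref/configuration"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_EVIDENCE
+url: "http://example.com/extref/evidence"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_FORMULATION
+url: "http://example.com/extref/formulation"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_ATTESTATION
+url: "http://example.com/extref/attestation"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_THREAT_MODEL
+url: "http://example.com/extref/threat-model"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_ADVERSARY_MODEL
+url: "http://example.com/extref/adversary-model"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_RISK_ASSESSMENT
+url: "http://example.com/extref/risk-assessment"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_VULNERABILITY_ASSERTION
+url: "http://example.com/extref/vulnerability-assertion"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_EXPLOITABILITY_STATEMENT
+url: "http://example.com/extref/exploitability-statement"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_PENTEST_REPORT
+url: "http://example.com/extref/pentest-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_STATIC_ANALYSIS_REPORT
+url: "http://example.com/extref/static-analysis-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_DYNAMIC_ANALYSIS_REPORT
+url: "http://example.com/extref/dynamic-analysis-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_RUNTIME_ANALYSIS_REPORT
+url: "http://example.com/extref/runtime-analysis-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_COMPONENT_ANALYSIS_REPORT
+url: "http://example.com/extref/component-analysis-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_MATURITY_REPORT
+url: "http://example.com/extref/maturity-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_CERTIFICATION_REPORT
+url: "http://example.com/extref/certification-report"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_QUALITY_METRICS
+url: "http://example.com/extref/quality-metrics"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_CODIFIED_INFRASTRUCTURE
+url: "http://example.com/extref/codified-infrastructure"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_POAM
+url: "http://example.com/extref/poam"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_ELECTRONIC_SIGNATURE
+url: "http://example.com/extref/electronic-signature"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_DIGITAL_SIGNATURE
+url: "http://example.com/extref/digital-signature"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_RFC_9116
+url: "http://example.com/extref/rfc-9116"
+}
+external_references {
+type: EXTERNAL_REFERENCE_TYPE_OTHER
+url: "http://example.com/extref/other"
+}
+}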
